'Wave of Trojans' goes on the rampage

Corporate IT managers urged to be on their guard.

IT managers in companies of all sizes have been warned of a "wave of Trojans " that threatens their infrastructures.

The warning from security firm Finjan follows reports of a US$1,000 crime-ware development kit, including a Trojan, being sold to would-be hackers.

"This trend highlights the alarming growth of crime-ware toolkits being sold to hackers," said Yuval Ben-Itzhak, chief technology officer at Finjan.

"Such crime-ware is focusing on stealing sensitive business data and sending it back to criminals' servers over encrypted communication channels like SSL in order to go undetected."

Finjan's Malicious Code Research Center pointed to the rapid rise of a new Prg Trojan variant, which it believes may have been developed using a crime-ware toolkit.

The malware relays sensitive data collected during employees' online activity to hacker websites using an SSL-encrypted format.

Research by Don Jackson, of managed security firm SecureWorks, suggests that the Prg crime-ware has been modified using a Trojan development kit to listen for hacker commands on a special TCP/IP port.

These commands allow the hacker to gain remote control of the compromised system. Jackson's analysis of log files on the servers storing the stolen data found that information was coming from corporate PCs.

Copyright ©v3.co.uk